diff options
author | Michael Scherer <misc@zarb.org> | 2014-02-06 10:05:16 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-02-10 13:18:16 +0100 |
commit | 7b52a628f8b43ba521c302a7f32bccf9d0dc8bfd (patch) | |
tree | d23ed2ee1153ffa4e45c1752a077ae2df6901a36 /man/systemd.exec.xml | |
parent | 36e0e6311bb4df37385db19b5eca03973b26b5ff (diff) |
exec: Add SELinuxContext configuration item
This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- | man/systemd.exec.xml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 7eaf52bc5b..4281c03cf6 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -951,6 +951,17 @@ </varlistentry> <varlistentry> + <term><varname>SELinuxContext=</varname></term> + + <listitem><para>Set the SELinux context of the + executed process. If set, this will override the + automated domain transition. However, the policy + still need to autorize the transition. See + <citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry> + for details.</para></listitem> + </varlistentry> + + <varlistentry> <term><varname>IgnoreSIGPIPE=</varname></term> <listitem><para>Takes a boolean |